<!doctype html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/utils.js"></script>
<script src="/shared-storage/resources/util.js"></script>
<script src="/fenced-frame/resources/utils.js"></script>

<body>
<script>
'use strict';

const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}';

promise_test(async t => {
  const ancestor_key = token();
  const helper_url = crossOrigin +
                     `/shared-storage/resources/credentials-test-helper.py` +
                     `&access_control_allow_credentials_header=true` +
                     `&token=${ancestor_key}`;

  return promise_rejects_dom(t, "OperationError",
    sharedStorage.createWorklet(
      helper_url + `&action=store-cookie`,
      { credentials: "include" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
   '"include", default data origin (context origin), and without ' +
   'Access-Control-Allow-Origin response header');

promise_test(async t => {
  const ancestor_key = token();
  const helper_url = crossOrigin +
                     `/shared-storage/resources/credentials-test-helper.py` +
                     `&access_control_allow_credentials_header=true` +
                     `&token=${ancestor_key}`;

  return promise_rejects_dom(t, "OperationError",
    sharedStorage.createWorklet(
      helper_url + `&action=store-cookie`,
      { credentials: "include", dataOrigin: "context-origin" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
   '"include", "context-origin" as dataOrigin, and without the ' +
   'Access-Control-Allow-Origin response header');

promise_test(async t => {
  const ancestor_key = token();
  const helper_url = crossOrigin +
                     `/shared-storage/resources/credentials-test-helper.py` +
                     `&access_control_allow_credentials_header=true` +
                     `&shared_storage_cross_origin_worklet_allowed_header=?1` +
                     `&token=${ancestor_key}`;

  return promise_rejects_dom(t, "OperationError",
    sharedStorage.createWorklet(
      helper_url + `&action=store-cookie`,
      { credentials: "include", dataOrigin: "script-origin" }));
}, 'createWorklet() with cross-origin module script, credentials ' +
   '"include", "script-origin" as dataOrigin, and without the ' +
   'Access-Control-Allow-Origin response header');

</script>
</body>
